1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

speedo: Add config variable for the timestamp service.

--
This commit is contained in:
Werner Koch 2024-02-15 14:52:35 +01:00
parent 04cbc3074a
commit 0370678536
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -51,10 +51,13 @@
# # This is greped by the Makefile. # # This is greped by the Makefile.
# RELEASE_ARCHIVE=foo@somehost:tarball-archive # RELEASE_ARCHIVE=foo@somehost:tarball-archive
# #
# # The key used to sign the released sources. # # The key used to sign the GnuPG sources.
# # This is greped by the Makefile. # # This is greped by the Makefile.
# RELEASE_SIGNKEY=6DAA6E64A76D2840571B4902528897B826403ADA # RELEASE_SIGNKEY=6DAA6E64A76D2840571B4902528897B826403ADA
# #
# # The key used to sign the VERSION files of some MSI installers.
# VERSION_SIGNKEY=02F38DFF731FF97CB039A1DA549E695E905BA208
#
# # For signing Windows binaries we need to employ a Windows machine. # # For signing Windows binaries we need to employ a Windows machine.
# # We connect to this machine via ssh and take the connection # # We connect to this machine via ssh and take the connection
# # parameters via .ssh/config. For example a VM could be specified # # parameters via .ssh/config. For example a VM could be specified
@ -74,6 +77,9 @@
# # This is greped by the Makefile. # # This is greped by the Makefile.
# AUTHENTICODE_TOOL="C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe" # AUTHENTICODE_TOOL="C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe"
# #
# # The URL for the timestamping service
# AUTHENTICODE_TSURL=http://rfc3161timestamp.globalsign.com/advanced
#
# # To use osslsigncode the follwing entries are required and # # To use osslsigncode the follwing entries are required and
# # an empty string must be given for AUTHENTICODE_SIGNHOST. # # an empty string must be given for AUTHENTICODE_SIGNHOST.
# # They are greped by the Makefile. # # They are greped by the Makefile.
@ -242,6 +248,7 @@ $(1) = $$(shell grep '^[[:blank:]]*$(1)[[:blank:]]*=' $$$$HOME/.gnupg-autogen.rc
endef endef
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_SIGNHOST))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TOOL))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_TSURL))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_KEY))
$(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS)) $(eval $(call READ_AUTOGEN_template,AUTHENTICODE_CERTS))
$(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE)) $(eval $(call READ_AUTOGEN_template,OSSLSIGNCODE))
@ -1350,7 +1357,7 @@ define AUTHENTICODE_sign
scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\ scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\
ssh "$(AUTHENTICODE_SIGNHOST)" '$(AUTHENTICODE_TOOL)' sign \ ssh "$(AUTHENTICODE_SIGNHOST)" '$(AUTHENTICODE_TOOL)' sign \
/a /n '"g10 Code GmbH"' \ /a /n '"g10 Code GmbH"' \
/tr 'http://rfc3161timestamp.globalsign.com/advanced' /td sha256 \ /tr '$(AUTHENTICODE_TSURL)' /td sha256 \
/fd sha256 /du https://gnupg.org a.exe ;\ /fd sha256 /du https://gnupg.org a.exe ;\
scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\ scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\
echo "speedo: signed file is '$(2)'" ;\ echo "speedo: signed file is '$(2)'" ;\
@ -1361,13 +1368,13 @@ define AUTHENTICODE_sign
-pkcs11module $(SCUTEMODULE) \ -pkcs11module $(SCUTEMODULE) \
-certs $(AUTHENTICODE_CERTS) \ -certs $(AUTHENTICODE_CERTS) \
-h sha256 -n GnuPG -i https://gnupg.org \ -h sha256 -n GnuPG -i https://gnupg.org \
-ts http://rfc3161timestamp.globalsign.com/advanced \ -ts $(AUTHENTICODE_TSURL) \
-in $(1) -out $(2).tmp ; mv $(2).tmp $(2) ; \ -in $(1) -out $(2).tmp ; mv $(2).tmp $(2) ; \
elif [ -e "$(AUTHENTICODE_KEY)" ]; then \ elif [ -e "$(AUTHENTICODE_KEY)" ]; then \
echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\ echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\
osslsigncode sign -certs $(AUTHENTICODE_CERTS) \ osslsigncode sign -certs $(AUTHENTICODE_CERTS) \
-pkcs12 $(AUTHENTICODE_KEY) -askpass \ -pkcs12 $(AUTHENTICODE_KEY) -askpass \
-ts "http://timestamp.globalsign.com/scripts/timstamp.dll" \ -ts "$(AUTHENTICODE_TSURL)" \
-h sha256 -n GnuPG -i https://gnupg.org \ -h sha256 -n GnuPG -i https://gnupg.org \
-in $(1) -out $(2) ;\ -in $(1) -out $(2) ;\
else \ else \